IETF Logo Mail Archive

Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)

Ben Campbell <ben@nostrum.com> Thu, 14 September 2017 04:54 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF2B1320BD; Wed, 13 Sep 2017 21:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eNt6CgUcWbyG; Wed, 13 Sep 2017 21:54:01 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A1EA12422F; Wed, 13 Sep 2017 21:54:01 -0700 (PDT)
Received: from [10.0.1.82] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8E4rtLl051972 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 13 Sep 2017 23:53:56 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.82]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <BCB85BDA-D77B-4493-A6E5-842876BD89E1@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_76AAFB5C-EFD9-4335-B339-9BC7315BC8B0"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 13 Sep 2017 23:53:56 -0500
In-Reply-To: <CADPMZDB7nS19=vzkaGa3uKnh4DSxEOVstNhopURLGMrGWXRxYQ@mail.gmail.com>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
To: denis bider <denisbider.ietf@gmail.com>
References: <150533102741.30467.13878869431655356929.idtracker@ietfa.amsl.com> <CADPMZDD1ApUzELbNcG-WM3-EoSxGNppWP6mA6FoFr1Ga=a7x8A@mail.gmail.com> <255F9E42-377B-43AF-AFA1-B67C9BC0F714@nostrum.com> <CADPMZDB7nS19=vzkaGa3uKnh4DSxEOVstNhopURLGMrGWXRxYQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/04EcwFyBduGF9BHeaprHsLHXYAA>
Subject: Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 04:54:04 -0000

> On Sep 13, 2017, at 11:47 PM, denis bider <denisbider.ietf@gmail.com> wrote:
> 
> > I do not see a response to my comment on the “*” note in section 2.4.
> > Did that change as part of the rewrite of that section that you mention below?
> 
> Aye, sorry for not mentioning that. Most of the text was kept, but it was slightly rearranged. The sentence containing the inappropriate MUST was replaced with:
> 
> "The timing of the second opportunity is chosen for the following reasons.”

That works for me, thanks!

[…]

> > The issue is redundant normative language, where it becomes
> > ambiguous which piece of text is authoritative.
> 
> Aye - it does violate the one-definition rule.
> 
> I have changed the first mention as follows:
> 
> "Implementers' attention is called to Section 2.5., in particular the requirement to tolerate any sequence of bytes - including null bytes at any position - in an unknown extension's extension-value.”
> 

Thanks!


> I have previously contemplated whether to add explicit mention of the OpenSSH behavior up to 7.5. On the one hand, it is poor practice to reference individual implementations. But on the other hand, this is a widespread implementation that everyone will want to interoperate with. If we provide no guidance about how to handle this bug, it will throw implementers for a spin, and worse, the compatibility workarounds may not be ideal. (E.g. people may avoid sending binary extension-values to ANY version of OpenSSH, instead of just versions up to 7.5.)
> 
> For this reason, I have provisionally added the following section under the "delay-compression" extension:
> 
> 
> 3.2.3.  Compatibility Note: OpenSSH up to 7.5
> 
>   This extension uses a binary extension-value encoding. OpenSSH clients
>   up to and including version 7.5 advertise support to receive
>   SSH_MSG_EXT_INFO, but disconnect on receipt of an extension-value
>   containing null bytes. This is an error fixed in OpenSSH version 7.6.
> 
>   Implementations that wish to interoperate with OpenSSH 7.5 and earlier
>   are advised to check the remote party's SSH version string, and omit
>   this extension if an affected version is detected. Affected versions
>   do not implement this extension, so there is no harm in omitting it.
>   The extension SHOULD NOT be omitted if the detected OpenSSH version is
>   7.6 or higher. This would make it harder for the OpenSSH project to
>   implement this extension in a higher version, if they so choose.
> 
> 
> This might be unusual, but since the bug exists in current versions, it will stay relevant for 5+ years. I think it may be worthwhile to ensure everyone's workarounds are consistent.
> 
> The alternative would be to change the spec to disallow binary extension-values, but I think this is long-term inferior (especially since OpenSSH has committed to fixing the bug).

I don’t have a strong opinion here. One approach might be to say an extension MUST NOT add binary values, but implementations MUST NOT fail if one is present for an extension you don’t understand. In any case, I will leave that to you and Ekr to decide.

[…]

v2.23.0 | Report a Bug | By Email